From dd34433f6e6d6d3fe0844fcb98ee9e9e9d59c008 Mon Sep 17 00:00:00 2001
From: Claudiu-Vlad Ursache
Date: Mon, 17 Jul 2023 11:13:51 -0400
Subject: [PATCH] Remove XSS from list of vulnerabilities
---
 README.md | 2 --
 flask_webgoat/ui.py | 1 -
 2 files changed, 3 deletions(-)
diff --git a/README.md b/README.md
index f6bba4e1..103fe1f6 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,6 @@ This project contains the following vulnerabilities:
 - Remote Code Execution
 - SQL injection
-- XSS
 - Insecure Deserialization
 - Directory Traversal
 - Open Redirect
@@ -47,7 +46,6 @@ $ grep vulnerability . -R -n | grep -v README
 ./flask_webgoat/actions.py:43: # vulnerability: Remote Code Execution
 ./flask_webgoat/users.py:37: # vulnerability: SQL Injection
 ./flask_webgoat/auth.py:17: # vulnerability: SQL Injection
-./flask_webgoat/ui.py:14: # vulnerability: XSS
 ./flask_webgoat/actions.py:60: # vulnerability: Insecure Deserialization
 ./flask_webgoat/actions.py:35: # vulnerability: Directory Traversal
 ./flask_webgoat/auth.py:45: # vulnerability: Open Redirect
diff --git a/flask_webgoat/ui.py b/flask_webgoat/ui.py
index f7f107d9..9fe53af0 100644
--- a/flask_webgoat/ui.py
+++ b/flask_webgoat/ui.py
@@ -11,7 +11,6 @@ def search():
 query_param = request.args.get("query")
 if query_param is None:
 message = "please provide the query parameter"
- # vulnerability: XSS
 return render_template("error.html", message=message)
 try: